CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication.

This vulnerability is known as CVE-2024-1817. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

Related Posts

CVE-2024-20455 | Cisco IOS XE Catalyst SD-WAN up to 17.13.1a Unified Threat Defense denial of service (cisco-sa-sdwan-utd-dos-hDATqxs)

CVE-2023-35876 | WooCommerce Square Plugin up to 3.8.1 on WordPress authorization

CVE-2023-23437 | Honor com.hihonor.vmall prior 2.3.3.300 information disclosure

CVE-2023-45044 | QNAP QuTS hero/QTS prior 5.1.4.2596 Build 20231128 buffer overflow (qsa-23-27)